<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>dotdotpwn Package Description</h2>
<p style="text-align: justify;">It’s a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. </p>
<p>Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.</p>
<p>It’s written in perl programming language and can be run either under *NIX or Windows platforms. It’s the first Mexican tool included in BackTrack Linux (BT4 R2).</p>
<p>Fuzzing modules supported in this version: </p>
<ul>
<li>HTTP</li>
<li>HTTP URL</li>
<li>FTP</li>
<li>TFTP</li>
<li>Payload (Protocol independent)</li>
<li>STDOUT</li>
</ul>
<p>Source: https://github.com/wireghoul/dotdotpwn<br>
<a href="http://dotdotpwn.blogspot.ca" variation="deepblue" target="blank">DotDotPwn Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/dotdotpwn.git;a=summary" variation="deepblue" target="blank">Kali DotDotPwn Repo</a></p>
<ul>
<li>Author: chr1x, nitr0us </li>
<li>License: GPLv2</li>
</ul>
<h3>Tools included in the dotdotpwn package</h3>
<h5>dotdotpwn.pl – DotDotPwn – The Directory Traversal Fuzzer</h5>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="8af8e5e5fecae1ebe6e3">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# dotdotpwn.pl<br>
#################################################################################<br>
#                                                                               #<br>
#  CubilFelino                                                       Chatsubo   #<br>
#  Security Research Lab              and            [(in)Security Dark] Labs   #<br>
#  chr1x.sectester.net                             chatsubo-labs.blogspot.com   #<br>
#                                                                               #<br>
#                               pr0udly present:                                #<br>
#                                                                               #<br>
#  ________            __  ________            __  __________                   #<br>
#  \______ \    ____ _/  |_\______ \    ____ _/  |_\______   \__  _  __ ____    #<br>
#   |    |  \  /  _ \\   __\|    |  \  /  _ \\   __\|     ___/\ \/ \/ //    \   #<br>
#   |    `   \(  &lt;_&gt; )|  |  |    `   \(  &lt;_&gt; )|  |  |    |     \     /|   |  \  #<br>
#  /_______  / \____/ |__| /_______  / \____/ |__|  |____|      \/\_/ |___|  /  #<br>
#          \/                      \/                                      \/   #<br>
#                               - DotDotPwn v3.0 -                              #<br>
#                         The Directory Traversal Fuzzer                        #<br>
#                         http://dotdotpwn.sectester.net                        #<br>
#                           <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="0fcdaf6b607b6b607b7f78614f7c6a6c7b6a7c7b6a7d21616a7b">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>                            #<br>
#                                                                               #<br>
#                               by chr1x &amp; nitr0us                              #<br>
#################################################################################<br>
<br>
Usage: ./dotdotpwn.pl -m &lt;module&gt; -h &lt;host&gt; [OPTIONS]<br>
    Available options:<br>
    -m  Module [http | http-url | ftp | tftp | payload | stdout]<br>
    -h  Hostname<br>
    -O  Operating System detection for intelligent fuzzing (nmap)<br>
    -o  Operating System type if known ("windows", "unix" or "generic")<br>
    -s  Service version detection (banner grabber)<br>
    -d  Depth of traversals (e.g. deepness 3 equals to ../../../; default: 6)<br>
    -f  Specific filename (e.g. /etc/motd; default: according to OS detected, defaults in TraversalEngine.pm)<br>
    -E  Add @Extra_files in TraversalEngine.pm (e.g. web.config, httpd.conf, etc.)<br>
    -S  Use SSL - for HTTP and Payload module (use https:// for in url for http-uri)<br>
    -u  URL with the part to be fuzzed marked as TRAVERSAL (e.g. http://foo:8080/id.php?x=TRAVERSAL&amp;y=31337)<br>
    -k  Text pattern to match in the response (http-url &amp; payload modules - e.g. "root:" if trying /etc/passwd)<br>
    -p  Filename with the payload to be sent and the part to be fuzzed marked with the TRAVERSAL keyword<br>
    -x  Port to connect (default: HTTP=80; FTP=21; TFTP=69)<br>
    -t  Time in milliseconds between each test (default: 300 (.3 second))<br>
    -X  Use the Bisection Algorithm to detect the exact deepness once a vulnerability has been found<br>
    -e  File extension appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc")<br>
    -U  Username (default: 'anonymous')<br>
    -P  Password (default: <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="aa8dcec5deeacec5de84daddc4">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>')<br>
    -M  HTTP Method to use when using the 'http' module [GET | POST | HEAD | COPY | MOVE] (default: GET)<br>
    -r  Report filename (default: 'HOST_MM-DD-YYYY_HOUR-MIN.txt')<br>
    -b  Break after the first vulnerability is found<br>
    -q  Quiet mode (doesn't print each attempt)<br>
    -C  Continue if no data was received from host</code>
<h3>dotdotpwn Usage Example</h3>
<p>Use the HTTP scan module <b><i>(-m http)</i></b> against a host <b><i>(-h 192.168.1.1)</i></b> , using the GET method <b><i>(-M GET)</i></b>:</p>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="4d3f2222390d262c2124">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# dotdotpwn.pl -m http -h 192.168.1.1 -M GET<br>
#################################################################################<br>
#                                                                               #<br>
#  CubilFelino                                                       Chatsubo   #<br>
#  Security Research Lab              and            [(in)Security Dark] Labs   #<br>
#  chr1x.sectester.net                             chatsubo-labs.blogspot.com   #<br>
#                                                                               #<br>
#                               pr0udly present:                                #<br>
#                                                                               #<br>
#  ________            __  ________            __  __________                   #<br>
#  \______ \    ____ _/  |_\______ \    ____ _/  |_\______   \__  _  __ ____    #<br>
#   |    |  \  /  _ \\   __\|    |  \  /  _ \\   __\|     ___/\ \/ \/ //    \   #<br>
#   |    `   \(  &lt;_&gt; )|  |  |    `   \(  &lt;_&gt; )|  |  |    |     \     /|   |  \  #<br>
#  /_______  / \____/ |__| /_______  / \____/ |__|  |____|      \/\_/ |___|  /  #<br>
#          \/                      \/                                      \/   #<br>
#                               - DotDotPwn v3.0 -                              #<br>
#                         The Directory Traversal Fuzzer                        #<br>
#                         http://dotdotpwn.sectester.net                        #<br>
#                           <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="8b492befe4ffefe4fffbfce5cbf8eee8ffeef8ffeef9a5e5eeff">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>                            #<br>
#                                                                               #<br>
#                               by chr1x &amp; nitr0us                              #<br>
#################################################################################<br>
<br>
[+] Report name: Reports/192.168.1.1_05-20-2014_08-41.txt<br>
<br>
[========== TARGET INFORMATION ==========]<br>
[+] Hostname: 192.168.1.1<br>
[+] Protocol: http<br>
[+] Port: 80<br>
<br>
[=========== TRAVERSAL ENGINE ===========]<br>
[+] Creating Traversal patterns (mix of dots and slashes)<br>
[+] Multiplying 6 times the traversal patterns (-d switch)<br>
[+] Creating the Special Traversal patterns<br>
[+] Translating (back)slashes in the filenames<br>
[+] Adapting the filenames according to the OS type detected (generic)<br>
[+] Including Special sufixes<br>
[+] Traversal Engine DONE ! - Total traversal tests created: 19680<br>
<br>
[=========== TESTING RESULTS ============]<br>
[+] Ready to launch 3.33 traversals per second<br>
[+] Press Enter to start the testing (You can stop it pressing Ctrl + C)</code>
</div></section><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
